Platform
sap
Component
sap-businessobjects-business-intelligence-platform
Fixed in
430.0.1
2025.0.1
2027.0.1
CVE-2026-0508 is a critical consensus divergence vulnerability discovered in the Zebra blockchain implementation. An attacker can exploit this flaw to create transactions that Zebra accepts as valid but are rejected by the reference zcashd implementation, leading to a split in the blockchain's consensus. This vulnerability affects versions of Zebra prior to 4.4.1 and has been addressed with a patch.
The primary impact of CVE-2026-0508 is the potential for consensus divergence within the Zebra network. An attacker could craft malicious V5 transparent transactions using SIGHASH_SINGLE without a corresponding output, which Zebra would incorrectly validate. This could lead to the creation of invalid blocks that are accepted by Zebra nodes but rejected by zcashd nodes, effectively splitting the blockchain. The blast radius extends to all nodes running vulnerable Zebra versions, potentially disrupting the network's integrity and leading to double-spending or other malicious activities. This vulnerability shares similarities with consensus-breaking bugs that have historically impacted other blockchain implementations, highlighting the importance of rigorous testing and adherence to consensus rules.
The vulnerability was published on 2026-05-08. Severity is rated as CRITICAL (CVSS 9.5). No public exploits or active campaigns have been reported at this time. The vulnerability is not currently listed on KEV or EPSS, indicating a low to medium probability of exploitation. Refer to the official Zebra project advisories for further details and updates.
Exploit Status
EPSS
0.01% (2% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-0508 is to upgrade Zebra to version 4.4.1 or later, which includes the fix for the consensus divergence issue. If an immediate upgrade is not feasible, consider temporarily disabling V5 transparent transactions as a workaround, although this will impact functionality. Monitor Zebra node behavior for any signs of consensus divergence, such as discrepancies in block heights or transaction validation. No specific WAF or proxy rules are applicable, as the vulnerability lies within the Zebra software itself. After upgrading, confirm the fix by attempting to create and validate a transaction with the vulnerable characteristics (V5 transparent transaction with SIGHASH_SINGLE and no corresponding output) – it should now be rejected.
Update SAP BusinessObjects Business Intelligence Platform to the latest available version provided by SAP. See SAP Note 3674246 for further details and specific instructions.
It's a critical vulnerability in Zebra blockchain allowing attackers to create transactions accepted by Zebra but rejected by zcashd, potentially causing consensus divergence.
If you are running Zebra versions prior to 4.4.1, you are potentially affected by this vulnerability.
Upgrade Zebra to version 4.4.1 or later to resolve the consensus divergence issue.
No public exploits or active campaigns have been reported at this time.
Refer to the official Zebra project advisories and the NVD entry for CVE-2026-0508 for detailed information.